Memory fault when loading cl+ssl

Bug #1530390 reported by Jared Davis on 2015-12-31
Affects: SBCL
Importance: High
Assigned to: Douglas Katzman

Bug Description

Hi,

I get "memory corruption" errors when I try to load the cl+ssl library under certain optimization settings, but not under other optimization settings. Trying to compile the library under (safety 3) doesn't show any obvious problems.

The attached script allows this problem to be reproduced reliably on my system. NOTE: this script deletes ~/.sbclrc. Please back it up if you care about it! Example error output from the script:

    ; Loading "cl+ssl"
    [package alexandria.0.dev]........................
    [package babel-encodings].........................
    [package babel]...................................
    ..................................................
    [package cffi-sys]................................
    [package cffi]....................................
    ..................................................
    [package cffi-features]...........................
    [package impl-specific-gray]......................
    [package trivial-gray-streams]....................
    [package flexi-streams]...........................
    ..................................................
    ..................................................
    [package bordeaux-threads]........................
    [package trivial-garbage].........................
    [package cl+ssl]CORRUPTION WARNING in SBCL pid 19683(tid 46912496193760):
    Memory fault at 0x1040000000 (pc=0x1001823422, sp=0x2aaab4bd6568)
    The integrity of this image is possibly compromised.
    Continuing with fingers crossed.

    debugger invoked on a SB-SYS:MEMORY-FAULT-ERROR in thread
    #<THREAD "main thread" RUNNING {1002A84F43}>:
      Unhandled memory fault at #x1040000000.

    Type HELP for debugger help, or (SB-EXT:EXIT) to exit from SBCL.

    restarts (invokable by number or by possibly-abbreviated name):
      0: [TRY-RECOMPILING ] Recompile reload and try loading it again
      1: [RETRY ] Retry
                                         loading FASL for #<CL-SOURCE-FILE "cl+ssl" "src" "reload">.
      2: [ACCEPT ] Continue, treating
                                         loading FASL for #<CL-SOURCE-FILE "cl+ssl" "src" "reload">
                                         as having been successful.
      3: Retry ASDF operation.
      4: [CLEAR-CONFIGURATION-AND-RETRY] Retry ASDF operation after resetting the
                                         configuration.
      5: [ABORT ] Give up on "cl+ssl"
      6: Exit debugger, returning to top level.

    (SB-SYS:MEMORY-FAULT-ERROR)

$ sbcl --version
SBCL 1.3.1.181-ceaf5df

$ uname -a
Linux compute-1-3.local 2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013 x86_64 x86_64 x86_64 GNU/Linux

Jared Davis (jared-c-davis) wrote :

I think I've tracked this down to e9046da9d3dc1be0aa772c5e7c21b74d1121c350, "Remove unnecessary inline/notinline pairs for defstruct ctors."

That is, the script provokes an error on SBCL 1.3.1.108-e9046da, but doesn't provoke an error on the earlier 1.3.1.107-d503934.

It looks like that commit only changes some inlined-ness of certain functions, so it's probably not the root cause. I'm in over my head.

Douglas Katzman (dougk) on 2016-01-13
Changed in sbcl:
importance: Undecided → High
assignee: nobody → Douglas Katzman (dougk)
Douglas Katzman (dougk) wrote :

Reduction:

(defun f1 (x) x)   ; stub, added here: F1 is not defined in the comment
(defun f2 (x) x)   ; stub, added here: F2 is not defined in the comment

(defun crashme (a)
  (declare (optimize (safety 0)))   ; safety 0: no runtime checks
  (restart-case
      (progn (ignore-errors (error "Foo")) (print 'crash))
    (retry () (f1 a))             ; neither restart is invoked by the test below
    (use-value (new) (f2 new))))

Then execute this *two* *times* at the REPL -
 (let ((a (make-array 10))) (unwind-protect (crashme 'bork) (fill a 0)))

The first works, the second gets:
CORRUPTION WARNING in SBCL pid 21699(tid 140737353955136):
Memory fault at (nil) (pc=0x1001a7b220, sp=0x7ffff221dfe8)
The integrity of this image is possibly compromised.
Continuing with fingers crossed.
Help! 11 nested errors. SB-KERNEL:*MAXIMUM-ERROR-DEPTH* exceeded.

The stack is getting whacked. I'm pretty sure this is a problem in %%NIP-VALUES and/or stack analysis.
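
The following harness is an added example, not code from this report or from SBCL. It loads the reduction above into a throwaway child SBCL with the debugger disabled, so that if the child hits a MEMORY-FAULT-ERROR the result is a non-zero exit status rather than a "continuing with fingers crossed" image in the process doing the checking. Assumptions: an "sbcl" binary on PATH, a writable /tmp, and stub definitions for F1 and F2, which the comment above leaves undefined.

```lisp
;;; Added example (not from the bug report or SBCL): run the reduction in
;;; a child SBCL so a memory fault cannot corrupt the checking process.
;;; Assumed: "sbcl" on PATH, writable /tmp, stubs for F1/F2.

(defparameter *reduction-source*
  "(defun f1 (x) x)   ; stub, assumed: F1 is undefined in the report
   (defun f2 (x) x)   ; stub, assumed: F2 is undefined in the report
   (defun crashme (a)
     (declare (optimize (safety 0)))
     (restart-case
         (progn (ignore-errors (error \"Foo\")) (print 'crash))
       (retry () (f1 a))
       (use-value (new) (f2 new))))
   ;; The comment says the second execution is the one that faults.
   (dotimes (i 2)
     (let ((a (make-array 10)))
       (unwind-protect (crashme 'bork) (fill a 0))))
   (sb-ext:exit :code 0)"
  "The reduction from the comment above, verbatim apart from the two
stubs, as source text for the child process.")

(defun run-reduction-in-child (&key (sbcl "sbcl")
                                    (script "/tmp/lp1530390-reduction.lisp"))
  "Write *REDUCTION-SOURCE* to SCRIPT and load it in a fresh SBCL started
with --non-interactive (debugger disabled, exit when done).  Any unhandled
error in the child, a MEMORY-FAULT-ERROR included, becomes a non-zero exit
status.  Returns (VALUES CLEAN-EXIT-P EXIT-CODE)."
  (with-open-file (out script :direction :output :if-exists :supersede)
    (write-string *reduction-source* out))
  (let* ((process (sb-ext:run-program sbcl
                                      (list "--non-interactive"
                                            "--no-sysinit" "--no-userinit"
                                            "--load" script)
                                      :search t
                                      :output *standard-output*
                                      :error :output))
         (code (sb-ext:process-exit-code process)))
    (values (zerop code) code)))

;; Usage: (run-reduction-in-child)
;; Returns T and 0 when the child exits cleanly, otherwise NIL and the
;; child's exit code.  Pass :sbcl "/path/to/other/sbcl" to compare builds.
```

Two caveats. A clean exit only means the child signalled no error; stack damage that happens to leave the image runnable is not detected, so the check is a regression guard, not proof of absence. And the point of the child process is isolation: once SBCL has printed a CORRUPTION WARNING, nothing evaluated afterwards in that image can be trusted, which is why the harness never loads the reduction into its own image. Pointing :sbcl at the two builds Jared bisected (1.3.1.107 and 1.3.1.108) is the straightforward way to confirm his result on another machine.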

Stas Boukarev (stassats) wrote :

That crashme doesn't actually crash.

Douglas Katzman (dougk)
Changed in sbcl:
status: New → Fix Committed
Changed in sbcl:
status: Fix Committed → Fix Released